Wednesday, August 23, 2006

ADAM - Policies...

We use ADAM (Active Directory Application Mode) for a project. To insert some users into the directory, we have written VB-Scripts. Everything worked well in our dev-environment.

But... during the setup at the customer company, we couldn't connect with the admin-user created by our VB-Script. Error-Message: 'Credentials not valid'. What happended!?

There were local policies installed, and the admin-user password didn't meet the minimal requirements, so the account was automatically disabled, without any message!

That's okay from the security point of view. But f****** hard to debug for a developer, escpecially with error messages like 'Credentials not valid'. And a kind of plain-text adsi-editor with hundrets of attributes:

After resetting the attribut "msDS-UserAccountDisabled" to false, everthing worked as expected.